Display Known Exploited Vulnerabilities from FortiClient
This information is also available in the FortiOS 8.0 Administration Guide:
FortiGate can now detect and display CISA Known Exploited Vulnerabilities (KEV) for FortiClient devices managed by FortiClient EMS in the Security Fabric > Asset Identity Center and the Dashboard > Assets & Identities > Assets widget in the GUI. Drilling down displays vulnerability details.
When FortiClient endpoints managed by FortiClient EMS run vulnerability scans and detect vulnerabilities, this information is synchronized to EMS and subsequently to FortiGate. When FortiGate receives detected vulnerabilities, it looks up the vulnerabilities against the KEV database and flags them accordingly. As a result, the FortiOS GUI can display the number of KEVs found on an endpoint and provide details about the vulnerabilities. The security rating check for FortiClient vulnerabilities also fails when a KEV vulnerability is detected.
A new diagnose command is available:
# diagnose user-device-store device memory FortiClient-vulnerability-query <mac> <ip>
| Option | Description |
|---|---|
| FortiClient-vulnerability-query <mac> <ip> | Query FortiClient vulnerability information by MAC and IP address. Takes 0-3 argument(s). |
To view information in Security Fabric > Asset Identity Center:
- Go to Security Fabric > Asset Identity Center and view the Vulnerabilities column for KEV information detected by FortiClient.
- In the Vulnerabilities column, hover over a vulnerability to display a tooltip to view the KEV category and vulnerabilities by severity level.
- Click View vulnerabilities to display additional information.
- Click Close.
- In the Device column, hover over a device name to display a tooltip of information about known, detected exploited vulnerabilities.
To view information in Dashboard > Assets & Identities:
- Go to Dashboard > Assets & Identities > Assets - FortiClient widget.
- In the Device column, hover over a device name to display a tooltip of information about known, detected exploited vulnerabilities.
- In the Vulnerabilities column, hover over a vulnerability to display a tooltip to view the KEV category and vulnerabilities by severity level.
- Click View vulnerabilities to display additional information.
- Click Close.
To query FortiClient vulnerability information by MAC and IP address:
# diagnose user-device-store device memory FortiClient-vulnerability-query <mac address> <IP address>
Record #1:
fct_info
'scan_time' = '1769477815'
fct_vulnerability
'vuln_id' = '5685'
'severity' = '2'
'category' = 'Applications'
'vuln_name' = 'Security Vulnerabilities fixed in PuTTY 0.81'
'cve_ids' = 'CVE-2024-31497'
fct_vulnerability
'vuln_id' = '80382'
'severity' = '4'
'category' = 'Web Client'
'vuln_name' = 'Security Vulnerabilities fixed in Firefox 128'
'cve_ids' = 'CVE-2024-6611'
'cve_ids' = 'CVE-2024-6608'
'cve_ids' = 'CVE-2024-6602'
'cve_ids' = 'CVE-2024-6613'
'cve_ids' = 'CVE-2024-6604'
'cve_ids' = 'CVE-2024-6603'
'cve_ids' = 'CVE-2024-6615'
'cve_ids' = 'CVE-2024-6612'
'cve_ids' = 'CVE-2024-6600'
'cve_ids' = 'CVE-2024-6601'
'cve_ids' = 'CVE-2024-6614'
'cve_ids' = 'CVE-2024-6607'
'cve_ids' = 'CVE-2024-6610'
'cve_ids' = 'CVE-2024-6606'
'cve_ids' = 'CVE-2024-6609'
'cve_ids' = 'CVE-2024-6605'
fct_vulnerability
'vuln_id' = '80711'
'severity' = '4'
'category' = 'Web Client'
'vuln_name' = 'Security Vulnerabilities fixed in Firefox 129'
'cve_ids' = 'CVE-2024-7531'
'cve_ids' = 'CVE-2024-7524'
'cve_ids' = 'CVE-2024-7525'
'cve_ids' = 'CVE-2024-7522'
'cve_ids' = 'CVE-2024-7529'
'cve_ids' = 'CVE-2024-7518'
'cve_ids' = 'CVE-2024-7528'
'cve_ids' = 'CVE-2024-7521'
'cve_ids' = 'CVE-2024-7519'
'cve_ids' = 'CVE-2024-7526'
'cve_ids' = 'CVE-2024-7520'
'cve_ids' = 'CVE-2024-7527'
'cve_ids' = 'CVE-2024-7530'
'cve_ids' = 'CVE-2024-7523'
fct_vulnerability
'vuln_id' = '81006'
'severity' = '4'
'category' = 'Web Client'
'vuln_name' = 'Security Vulnerabilities fixed in Firefox 130'
'cve_ids' = 'CVE-2024-8383'
'cve_ids' = 'CVE-2024-8384'
'cve_ids' = 'CVE-2024-8385'
'cve_ids' = 'CVE-2024-8386'
'cve_ids' = 'CVE-2024-8389'
'cve_ids' = 'CVE-2024-8382'
'cve_ids' = 'CVE-2024-8387'
'cve_ids' = 'CVE-2024-8381'
fct_vulnerability
'vuln_id' = '81485'
'severity' = '4'
'category' = 'Web Client'
'vuln_name' = 'Security Vulnerabilities fixed in Firefox 131'
'cve_ids' = 'CVE-2024-9393'
'cve_ids' = 'CVE-2024-9396'
'cve_ids' = 'CVE-2024-9395'
'cve_ids' = 'CVE-2024-9400'
'cve_ids' = 'CVE-2024-9401'
'cve_ids' = 'CVE-2024-9402'
'cve_ids' = 'CVE-2024-9403'
'cve_ids' = 'CVE-2024-9394'
'cve_ids' = 'CVE-2024-9398'
'cve_ids' = 'CVE-2024-9399'
'cve_ids' = 'CVE-2024-9392'
'cve_ids' = 'CVE-2024-9397'
'cve_ids' = 'CVE-2024-9391'
fct_vulnerability
'vuln_id' = '81654'
'severity' = '4'
'category' = 'Web Client'
'vuln_name' = 'Security Vulnerability fixed in Firefox 131.0.2, Firefox ESR 128.3.1, Firefox ESR 115.16.1'
'cve_ids' = 'CVE-2024-9680'
'kevs' = 'CVE-2024-9680'
fct_vulnerability
'vuln_id' = '81684'
'severity' = '2'
'category' = 'Web Client'
'vuln_name' = 'Security Vulnerability fixed in Firefox 131.0.3'
'cve_ids' = 'CVE-2024-9936'
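
For triage outside the GUI, the output above can be parsed to list only the vulnerabilities carrying a 'kevs' entry. This is an added example, not Fortinet code: the function names are hypothetical, the sample is two records trimmed from the output on this page, and it assumes 'scan_time' is Unix epoch seconds and that the layout matches what is shown above.

```python
import re
from datetime import datetime, timezone

# Two records trimmed from the diagnose output shown on this page.
SAMPLE = """\
Record #1:
fct_info
'scan_time' = '1769477815'
fct_vulnerability
'vuln_id' = '5685'
'severity' = '2'
'vuln_name' = 'Security Vulnerabilities fixed in PuTTY 0.81'
'cve_ids' = 'CVE-2024-31497'
fct_vulnerability
'vuln_id' = '81654'
'severity' = '4'
'vuln_name' = 'Security Vulnerability fixed in Firefox 131.0.2, Firefox ESR 128.3.1, Firefox ESR 115.16.1'
'cve_ids' = 'CVE-2024-9680'
'kevs' = 'CVE-2024-9680'
"""

KV = re.compile(r"^'([^']+)'\s*=\s*'(.*)'$")
MULTI = {"cve_ids", "kevs"}  # keys that repeat inside one fct_vulnerability block

def parse(text):
    """Return (scan_time_utc, vulnerabilities) parsed from the diagnose output."""
    scan_time, vulns, section, cur = None, [], None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = KV.match(line)
        if not m:  # section header: fct_info, fct_vulnerability, Record #N:
            section = line
            if section == "fct_vulnerability":
                cur = {"cve_ids": [], "kevs": []}
                vulns.append(cur)
        elif section == "fct_info" and m[1] == "scan_time":
            # Assumption: scan_time is Unix epoch seconds.
            scan_time = datetime.fromtimestamp(int(m[2]), tz=timezone.utc)
        elif section == "fct_vulnerability":
            if m[1] in MULTI:
                cur[m[1]].append(m[2])
            else:
                cur[m[1]] = m[2]
    return scan_time, vulns

def kev_findings(vulns):
    """Vulnerabilities FortiGate flagged with at least one 'kevs' entry."""
    return [v for v in vulns if v["kevs"]]

if __name__ == "__main__":
    ts, vulns = parse(SAMPLE)
    for v in kev_findings(vulns):
        print(ts.isoformat(), v["vuln_id"], v["vuln_name"], v["kevs"])
```

A vulnerability with CVEs but no 'kevs' line, such as the PuTTY entry, is parsed with an empty KEV list and is excluded from the findings.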